high

Bypassing authorization in Google Cloud Workstations

Published Fri, Jan 13th, 2023
Platforms

Summary

Several vulnerabilities were present in how Google Cloud Shell (ssh.cloud.google.com) handled OAuth credentials. These included an open-redirect vulnerability, where attackers could redirect users to malicious sites to capture their credentials, and a validation bypass that allowed tokens to be submitted to user-defined URIs, circumventing normal security checks. Additionally, Google Cloud Workstations did not correctly tie the state parameter to the session that generated it, which allowed valid state parameters to be reused across different sessions and users. Combined, these issues created a scenario where credentials to Google Cloud Workstations were susceptible to phishing attacks.

Affected Services

Cloud Workstations, Cloud Shell

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/KatTraxler
Entry Status
Finalized
Disclosure Date
Sat, Nov 19th, 2022
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Sivanesh Ashok, Sreeram KL

More vulnerabilities...

high

SSH key injection in Google Cloud Compute Engine

Google Cloud Compute Engine (GCE) was vulnerable to SSH key injection by abusing an SSH-in-browser feature to change username and password. An attacker could send a specially-crafted link to a targ...

...
Sivanesh Ashok

high

Client-Side SSRF to Google Cloud Project Takeover

A vulnerability in Vertex AI Workbench allowed attackers to take over victims' Google Cloud projects through client-side SSRF. The initial bug involved unauthorized access to authentication tokens,...

...
Sivanesh Ashok, Sreeram KL

medium

IAP CORS Misconfiguration Allows Email Disclosure

A CORS misconfiguration in Google Cloud's Identity-Aware Proxy (IAP) could have allowed attackers to disclose the email address of an authenticated user in websites protected by IAP, by convincing ...

Borna Nematzadeh

View all